Mac OS Security hole using Versions (DocumentRevisions-V100)

You know that new feature of the Mac OS called Versions? Its the thing that automatically saves multiple version of whatever file you are working on in TextEdit, Pages, Numbers, and other Mac Apps so you can revert back at any time to any previous state of the file. It’s great for things like writing screenplays or shopping lists, when you might want to see what you previously did, or accidentally deleted something. But I’ve discovered that there is a possible security hole.

Whenever the operating system saves a version, it puts the data into an invisible database on your harddrive called DocumentRevisions-V100. This database is not encrypted. Which means that if you have ever made a text file that contains passwords or bank information on it, this database has a copy.

Now any smart person wouldn’t make such a text file without saving it onto an encrypted DNG file or something like that. However, even if on an encrypted disk image, Versions still makes copies of it into the unencrypted database. So even though it seems secure sitting on that disk image, you actually have unencrypted versions of it hanging around.

Now this is only technically a problem if you have FileVault turned off for your hard drive. If you have FileVault turned on, it’s not “really” an issue because your entire hard drive is encrypted.

But say you take your encrypted DNG file and stick it on a memory stick. Safe right? But then say you are at the library (that uses Macs) or at a friends place, and decide you need a password. You stick it in, temporarily decrypt the DNG file to get at your password file, and then close the file and eject the disk. Sounds reasonable. The file is still safely encrypted on your memory stick. But Versions has now created a copy of it on your friends computer in the database. Even if your friend has no intention of hacking you, there is still a copy of your password file sitting unencrypted out there.

People could be passing their secure documents around without knowing. Any thief who gets a hold of a computer could easily just browse the database looking for unintentional saves.

One should be able to turn Versions off on particular documents if they desire, and/or the database should be encrypted.

Hopefully Apple addresses this. If you agree, send them a suggestion, and warn your friends: https://www.apple.com/feedback/macosx.html

1 Comment

This is indeed a serious issue that calls for Apple to address in a serious way. The whole versioning and autosaving ideology of Apple is going over the top. We’re not idiots and we don’t need our Macs to do everything for us in the background – particularly if those processes amount to security risks.